﻿using Microsoft.VisualBasic;
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Diagnostics;
using System.IO;
using PccCommonForC;
using bs_ShowRoom;
namespace ShowRoom.admin
{
    public partial class login : System.Web.UI.Page
    {

        string user_id;
        string iUserID;
        string role_id;
        protected void Page_Load(object sender, EventArgs e)
        {
            Page.Title = "Đăng nhập quản trị | Show room mỹ phẩm ";
            txtPassWord.Attributes.Add("onkeydown", "if(event.which || event.keyCode){if ((event.which == 13) || (event.keyCode == 13)) {document.getElementById('" + btnOk.UniqueID + "').click();return false;}} else {return true}; ");
            txtUserName.Focus();
          

        }

        private DataTable GetListUser(string Type)
        {
            bs_user mybs = new bs_user(ConfigurationManager.ConnectionStrings["ShowRoomConnectionString"].ToString());
            PccMsg myMsg = new PccMsg();
            myMsg.CreateFirstNode("Type", Type);
            DataSet ds = mybs.DoReturnDataSet("GETLISTUSER", myMsg.GetXmlStr, "");
            DataTable dt = new DataTable();
            if (ds.Tables.Count > 0)
                dt = ds.Tables[0];
            return dt;
        }

        public static string FixSQL(string strWords)
        {
            string[] badChars = null;
            int i = 0;
            string newChars = null;
            string[] Array = {
			"select",
			"drop",
			";",
			"--",
			"insert",
			"delete",
			"xp_"
		    };

            badChars = Array;
            newChars = strWords;
            for (i = 0; i <= Information.UBound(badChars, 1); i++)
            {
                newChars = Strings.Replace(newChars, badChars[i], "", 1, -1, CompareMethod.Text);
                newChars = Strings.Replace(newChars, "'", "", 1, -1, CompareMethod.Text);
            }
            return newChars;
        }
        private DataTable GetListUserID(string myUser, string myPass)
        {
            bs_user myBs = new bs_user(ConfigurationManager.ConnectionStrings["ShowRoomConnectionString"].ToString());
            PccMsg myMsg = new PccMsg();
            myMsg.CreateFirstNode("username", myUser);
            myMsg.CreateFirstNode("password", myPass);
            DataSet ds = myBs.DoReturnDataSet("GETUSERLOGIN", myMsg.GetXmlStr, "");

            DataTable dt = new DataTable();
            if (ds.Tables.Count > 0)
                dt = ds.Tables[0];

            return dt;
        }

        protected void btnOk_Click1(object sender, ImageClickEventArgs e)
        {
            if (!string.IsNullOrEmpty(txtUserName.Text) & !string.IsNullOrEmpty(txtPassWord.Text))
            {
                string myUser = FixSQL(txtUserName.Text);
                string myPass = FixSQL(txtPassWord.Text);
                DataTable dt = GetListUserID(myUser, myPass);
                if (dt.Rows.Count > 0)
                {
                    user_id = dt.Rows[0]["user_id"].ToString().Trim();
                    Session.Add("iUserName", dt.Rows[0]["username"].ToString().Trim());
                    Session.Add("user_id", user_id);
                    role_id = dt.Rows[0]["role_id"].ToString().Trim();
                }
                //Session.Add("UserID", userId);
            }

            if ((user_id != null) & !string.IsNullOrEmpty(user_id))
            {
                //FormsAuthentication.SetAuthCookie(txtusername.Text, chkPersistLogin.Checked);
                if (role_id == "0")
                {
                    Response.Redirect("admin.aspx");

                }
                else
                    Response.Redirect("../home.aspx");

            }
            else
            {
                Header.Controls.Add(new LiteralControl("<script type='text/javascript' language='javascript'>alert('UserName hoặc mật khẩu này không tồn tại!');</script>"));
                lblDisplays.Text = "<BR>Sai UserName hoặc mật khẩu.<BR>";
            }
        }
    }
}